The following problems were fixed in Apache Tomcat version 7.0.23:
Important: Denial of service CVE-2012-0022
Analysis of the recent hash collision vulnerability identified unrelated inefficiencies in Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used, which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.
Affected Apache Tomcat versions: 7.0.0 - 7.0.22.
- Upgrade to the latest version of Apache Tomcat.